I have a simple one page internal app that I just moved to IIS7.5. After enabling basic authentication and disabled anonymous authentication only local users can authenticate.
What I have done far:
- Enabled basic authentication and disabled anonymous authentication.
- Created group in Active Directory with accounts.
- Added AD group to the local User group.
- Added Network Service account to the directory.
- Created a local test user. - Works.
- Removed the local test user from all groups. - Still works.
- I'm using DOMAIN\USER for the username.
There has to be something simple I'm missing.
To enable Windows authentication for a page, you'd normally:
Populate that group with users
In IIS Manager, open the directory you want to secure
At this point, file system permissions will be used to govern whether an authenticated user has access to the site or not. So you just need to check file system permissions are OK:
In your question, you talk about Integrated Windows authentication, but then describe enabling Basic authentication - that's not the same thing; from the client end (at least for IE), Basic always prompts for a username and password, and it transmits it unsecurely; Windows auth is more secure, and doesn't prompt for authentication (with caveats including dots in the URL, and Local Intranet Zone-ing).